Using a U2F library

Let us have a look at the U2F sequence diagram:

The blue part is handled by the U2F client (e.g. the web browser) and the green parts are handled by the U2F server library.

Server-side

A server-side U2F library has 4 basic functions: Start registration, Finish registration, Start authentication and Finish authentication.
Below is an example of how these functions can be used in a web server:

In the example above challenge_store is a DAO that stores
challenges temporarily. The other DAO, device_store, persists data permanently. For most cases,
APP_ID is the base URL of this web app, for example:

APP_ID="https://login.example.com"

…or, when developing locally:

APP_ID="https://localhost:8080"

Note

U2F only works on HTTPS webpages.

Client-side

This section assumes that you are building a web site. If this is not the case,
have a look at our U2F host libraries instead.
Also note that Chrome is currently the only web browser supporting U2F.

The main part of the client is to
be a middle-man between the server and the U2F device.

The easiest way to use U2F in a supported browser is to use the u2f-api.js library, which exposes two functions: